[squid-users] Delay Pools and HTTPS on Squid 3.x

[Hery Martin]

Hello everybody:

Since a few months ago I'm using squid to provide a solution as small
business proxy in the network of my work place.

I'm from Cuba, in our country the Internet is a very limited resource. I
have only one link of 2Mbps to share with 20 ~ 25 users (even with my
network have more than 60) this is the normal concurrent number.

When I start the squid deployment in my network I started using 2.7stable9
version, I made all arrangements to put it work with my AD to match ACLs
using AD Groups and everything works perfect.

I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per
user approx.

delay_pool 1
delay_class 1 2
delay_parameters -1/-1 12228/12228

The delay pool works perfect, I was checking with real-time tool sqstat and
with squidclient mgr:delay

NOW.....

I recently upgrade squid to 3.3.8 and I notice that delay pool started to
going wrong when the users surf or download using HTTPS protocol

I checked in real-time and when the users browse HTTPS the pool goes in
negative numbers and start to grow and grow, its very easy to check, just
define a delay pool with 5KB and start a download from an HTTPS source and
you can check it with squidclient mgr:delay, the ip takes negative pool
value and keep growing until the download finish.

Frustrated with this behavior I put different squid versions in a
Virtualization Server and definitely I saw that the problem occurs with
squid 3.x versions, today I made a final test and I think that the
implementation of HTTP v1.1 is maybe related with that problem (I'm not
sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1 was
not yet implemented)

Please, if you have the opportunity, just test this in a Lab environment, I
decided to write to this email list because I asked to many people that
already have implemented squid as proxy in their networks and they didn't
believed to me until I demostrated the issue.

Have anyone information about this bug? There is any hope to fix this
problem at code level?

Anyway, I'm computer systems engineer, I use to write a lot C++ lines every
week... I'm not related with the squid development (never saw the code in
my life) but if somebody have any idea how to fix this and wants help just
count with me.

Greetings from Cuba and sorry about my English :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160216/56555126/attachment-0001.html>